Section: .. / 0609-advisories /
| /// File Name: |
USN-352-1.txt |
Description:
|
Ubuntu Security Notice 352-1: Various flaws have been reported that allow an attacker to execute arbitrary code with user privileges by tricking the user into opening a malicious email containing JavaScript. Please note that JavaScript is disabled by default for emails, and it is not recommended to enable it.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 6571 | | Last Modified: | Sep 27 01:32:42 2006 |
| MD5 Checksum: | b6c53bc048768303dd5207d83e27ebe9 |
|
| /// File Name: |
MDKSA-2006-162.txt |
Description:
|
Mandriva Linux Security Advisory MDKSA-2006-162 - The file_exists and imap_reopen functions in PHP before version 5.1.5 do not check for the safe_mode and open_basedir settings, which allows local users to bypass the settings. A buffer overflow in the LWZReadByte function in ext/gd/libgd/gd_gif_in.c in the GD extension in PHP before version 5.1.5 allows remote attackers to have an unknown impact via a GIF file with input_code_size greater than MAX_LWZ_BITS, which triggers an overflow when initializing the table array.
| | Homepage: | http://www.mandriva.com/security/advisories | | File Size: | 6475 | | Related CVE(s): | CVE-2006-4481, CVE-2006-4484, CVE-2006-4485 | | Last Modified: | Sep 8 08:48:56 2006 |
| MD5 Checksum: | f2717b240fe7e3d0f1ac51994e3dd5b4 |
|
| /// File Name: |
SSRT051019.txt |
Description:
|
HP Security Bulletin - A potential security vulnerability has been identified with HP-UX running X.25. The vulnerability could be exploited by a local user to create a denial of service.
| | Author: | HP | | Homepage: | http://www.hp.com | | File Size: | 6309 | | Last Modified: | Sep 16 09:15:30 2006 |
| MD5 Checksum: | 106b53cf7d945246ea3dd7a7cc589311 |
|
| /// File Name: |
APPLE-SA-2006-09-21.txt |
Description:
|
APPLE-SA-2006-09-21 AirPort Update 2006-001 and Security Update 2006-005: The security fixes described below are available in AirPort Update 2006-001 and Security Update 2006-005. AirPort Update 2006-001 contains an additional non-security fix to address a reliability issue that occurs on a limited number of MacBook Pro systems.
| | Homepage: | http://www.apple.com/support/downloads/ | | File Size: | 6303 | | Last Modified: | Oct 3 01:14:13 2006 |
| MD5 Checksum: | 67d50ca1637b01d9ea6d85d2f9486f2d |
|
| /// File Name: |
CiscoGRE.txt |
Description:
|
Phenoelit Advisory - Cisco Systems IOS contains a bug when parsing GRE packets with GRE source routing information. A specially crafter GRE packet can cause the router to reuse packet packet data from unrelated ring buffer memory. The resulting packet is reinjected in the routing queues. Tested on C3550 IOS 12.1(19).
| | Author: | FX | | Homepage: | http://www.phenoelit.de/ | | File Size: | 6085 | | Last Modified: | Sep 7 11:17:39 2006 |
| MD5 Checksum: | f09a97e7d16b1d3caf71b6f332a4a856 |
|
| /// File Name: |
lotusDUNZIP32dll.txt |
Description:
|
The IBM Lotus Notes DUNZIP32.dll suffers from a buffer overflow vulnerability. The vulnerability has been confirmed in versions Lotus Notes 5.0.10, 6.0 and 6.5.1. Other versions may also be affected. It is expected that the latest R5 build 5.0.12 build is affected too.
| | Author: | Juha-Matti Laurio | | Homepage: | http://www.networksecurity.fi/ | | File Size: | 6060 | | Last Modified: | Sep 7 11:25:38 2006 |
| MD5 Checksum: | eb6e8ccd30441e2af9278fe031e04b93 |
|
| /// File Name: |
RISE-2006002.txt |
Description:
|
RISE-2006002: There exists a vulnerability within a architecture dependent function of the FreeBSD kernel (FreeBSD 5.2-RELEASE through FreeBSD 5.5-RELEASE), which when properly exploited can lead to local compromise of the vulnerable system. This vulnerability was fixed in FreeBSD 6.0-RELEASE, but production (legacy) releases 5.2 through 5.5 are still vulnerable.
| | Author: | RISE Security, Ramon de Carvalho Valle | | Homepage: | http://www.risesecurity.org/ | | File Size: | 6050 | | Last Modified: | Oct 3 01:46:36 2006 |
| MD5 Checksum: | f2780f72b89096adff1c6779d3cc1a1f |
|
| /// File Name: |
sa21770.txt |
Description:
|
Secunia Security Advisory - Ubuntu has issued an update for mysql-dfsg-5.0. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions and perform certain actions with escalated privileges.
| | Homepage: | http://secunia.com/advisories/21770/ | | File Size: | 5965 | | Last Modified: | Sep 7 06:08:47 2006 |
| MD5 Checksum: | 48b1bb45f5a7637b82495484061ac01b |
|
| /// File Name: |
SSRT061235-1.txt |
Description:
|
HPSBUX02155 SSRT061235 rev.1 HP-UX CIFS Server (Samba) Local Unauthorized Access, Elevated Privileges
| | Homepage: | http://www.hp.com | | File Size: | 5927 | | Last Modified: | Oct 3 02:06:43 2006 |
| MD5 Checksum: | aba1a7a1445785ee13adb1de9d17224c |
|
| /// File Name: |
sa21924.txt |
Description:
|
Secunia Security Advisory - Mandriva has issued an update for xorg-x11. This fixes some vulnerabilities, which can be exploited by malicious, local users to gain escalated privileges.
| | Homepage: | http://secunia.com/advisories/21924/ | | File Size: | 5870 | | Last Modified: | Sep 16 03:17:17 2006 |
| MD5 Checksum: | 506131384d66af0141b0c89e160e1b66 |
|
| /// File Name: |
dsa-1180-1.txt |
Description:
|
Debian Security Advisory 1180-1: Luigi Auriemma discovered two security related bugs in bomberclone, a free Bomberman clone.
| | Homepage: | http://www.debian.org/security | | File Size: | 5767 | | Last Modified: | Sep 26 21:47:21 2006 |
| MD5 Checksum: | 2423d9b6b7cbcdf395d5a58ccf8a73b3 |
|
| /// File Name: |
SSRT051021.txt |
Description:
|
HP Security Bulletin - A potential security vulnerability has been identified with HP-UX running ARPA transport software. The vulnerability could be exploited by a local, authenticated user to create a denial of service condition.
| | Author: | HP | | Homepage: | http://www.hp.com | | File Size: | 5762 | | Last Modified: | Sep 14 09:32:16 2006 |
| MD5 Checksum: | 0f64e33cb7f32ed76be3f459a27be4a2 |
|
| /// File Name: |
EEYEB-20080824.txt |
Description:
|
eEye Digital Security has discovered a second heap overflow vulnerability in the MS06-042 cumulative Internet Explorer update that would allow an attacker to execute arbitrary code on the system of a victim who attempts to access a malicious URL. Windows 2000, Windows XP SP1, and Windows 2003 SP0 systems running Internet Explorer 5 SP4 or Internet Explorer 6 SP1, with the MS06-042 patch applied, are vulnerable; unpatched and more recent versions of Internet Explorer are not affected.
| | Author: | Derek Soeder | | Homepage: | http://research.eeye.com/ | | File Size: | 5688 | | Last Modified: | Sep 13 11:40:14 2006 |
| MD5 Checksum: | cde17359bf4c467d199b4a6c7253525b |
|
| /// File Name: |
dsa-1181-1.txt |
Description:
|
Debian Security Advisory 1181-1: Tavis Ormandy from the Google Security Team discovered several vulnerabilities in gzip, the GNU compression utility.
| | Homepage: | http://www.debian.org/security | | File Size: | 5635 | | Last Modified: | Sep 26 21:47:27 2006 |
| MD5 Checksum: | b7f8cbdb9c4048813d0ebe90a5ae9a89 |
|
| /// File Name: |
sa21879.txt |
Description:
|
Secunia Security Advisory - Ubuntu has issued an update for mailman. This fixes some vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting and phishing attacks, and cause a DoS (Denial of Service).
| | Homepage: | http://secunia.com/advisories/21879/ | | File Size: | 5608 | | Last Modified: | Sep 13 19:03:55 2006 |
| MD5 Checksum: | 9e9124b747f12ef7c2e9bfb882286ed5 |
|
| /// File Name: |
USN-338-1.txt |
Description:
|
Ubuntu Security Notice USN-338-1 - Dmitri Lenev discovered that arguments of setuid SQL functions were evaluated in the security context of the functions' definer instead of its caller. An authenticated user with the privilege to call such a function could exploit this to execute arbitrary statements with the privileges of the definer of that function. Peter Gulutzan reported a potentially confusing situation of the MERGE table engine. If an user creates a merge table, and the administrator later revokes privileges on the original table only (without changing the privileges on the merge table), that user still has access to the data by using the merge table. This is intended behavior, but might be undesirable in some installations; this update introduces a new server option "--skip-merge" which disables the MERGE engine completely.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 5579 | | Related CVE(s): | CVE-2006-4227, CVE-2006-4031 | | Last Modified: | Sep 7 10:53:33 2006 |
| MD5 Checksum: | 384753d8cfbfe440cfc7d57b77071152 |
|
| /// File Name: |
sa21693.txt |
Description:
|
Secunia Security Advisory - Mandriva has issued an update for xorg-x11. This fixes some security issues, which can be exploited by malicious, local users to perform certain actions with escalated privileges.
| | Homepage: | http://secunia.com/advisories/21693/ | | File Size: | 5555 | | Last Modified: | Sep 6 08:32:48 2006 |
| MD5 Checksum: | e5bced493b5e8f666a7ff9a95c58520c |
|
| /// File Name: |
sa22074.txt |
Description:
|
Secunia Security Advisory - Ubuntu has issued an update for mozilla-thunderbird. This fixes some vulnerabilities, which can be exploited by malicious people to conduct man-in-the-middle attacks, bypass certain security restrictions, and potentially compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/22074/ | | File Size: | 5539 | | Last Modified: | Sep 25 19:56:53 2006 |
| MD5 Checksum: | eee6f5a6df699115405b9b847be3f176 |
|
| /// File Name: |
sa21848.txt |
Description:
|
Secunia Security Advisory - SUSE has issued an update for apache2. This fixes a vulnerability, which can be exploited by malicious people to conduct cross-site scripting attacks.
| | Homepage: | http://secunia.com/advisories/21848/ | | File Size: | 5462 | | Last Modified: | Sep 13 00:17:26 2006 |
| MD5 Checksum: | dd04239ad5b1df4510948d17f4c8fda0 |
|
| /// File Name: |
sa22009.txt |
Description:
|
Secunia Security Advisory - Ubuntu has issued an update for gzip. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/22009/ | | File Size: | 5441 | | Last Modified: | Sep 22 01:56:25 2006 |
| MD5 Checksum: | e00060a84a88781c924aed68a87694c5 |
|
| /// File Name: |
dsa-1174-1.txt |
Description:
|
Debian Security Advisory 1174-1 - Daniel Bleichenbacher discovered a flaw in OpenSSL cryptographic package that could allow an attacker to generate a forged signature that OpenSSL will accept as valid.
| | Homepage: | http://www.debian.org/security | | File Size: | 5269 | | Related CVE(s): | CVE-2006-4339 | | Last Modified: | Sep 13 10:51:49 2006 |
| MD5 Checksum: | 5cbcd2e9f2a36f2396da7f06eab91200 |
|
| /// File Name: |
roller.txt |
Description:
|
Roller version 2.3 is susceptible to cross site scripting attacks.
| | Author: | Avinash Shenoi | | File Size: | 5266 | | Last Modified: | Sep 16 10:02:44 2006 |
| MD5 Checksum: | e7ac79a0c0bb4fa15519e6b696cb81c2 |
|
| /// File Name: |
USN-345-1.txt |
Description:
|
Ubuntu Security Notice USN-345-1 - Steve Alexander discovered that mailman did not properly handle attachments with special filenames. A remote user could exploit that to stop mail delivery until the server administrator manually cleaned these posts. Various cross site scripting vulnerabilities have been reported by Barry Warsaw. By using specially crafted email addresses, names, and similar arbitrary user-defined strings, a remote attacker could exploit this to run web script code in the list administrator's web browser. URLs logged to the error log file are now checked for invalid characters. Before, specially crafted URLs could inject arbitrary messages into the log.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 5228 | | Related CVE(s): | CVE-2006-2941, CVE-2006-3636 | | Last Modified: | Sep 14 08:41:52 2006 |
| MD5 Checksum: | e61bbd575ca9cddc45e9577dd417edcb |
|
| /// File Name: |
sa21985.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for bomberclone. This fixes some vulnerabilities, which can be exploited by malicious people to gain knowledge of system information or cause a DoS (Denial of Service).
| | Homepage: | http://secunia.com/advisories/21985/ | | File Size: | 5143 | | Last Modified: | Sep 22 01:56:25 2006 |
| MD5 Checksum: | d73096eaa5491343da1a9a66e53b79d7 |
|
| /// File Name: |
dsa-1175-1.txt |
Description:
|
Debian Security Advisory 1175-1 - A flaw has been found in isakmpd, OpenBSD's implementation of the Internet Key Exchange protocol, that caused Security Associations to be created with a replay window of 0 when isakmpd was acting as the responder during SA negotiation. This could allow an attacker to re-inject sniffed IPsec packets, which would not be checked against the replay counter.
| | Homepage: | http://www.debian.org/security | | File Size: | 5137 | | Related CVE(s): | CVE-2006-4436 | | Last Modified: | Sep 14 09:19:48 2006 |
| MD5 Checksum: | 4119654b6969600800227f22a32ac549 |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
